Hello list users,
I recently upgraded my FreeBSD server to 11.0-Release. After that, I
changed my apache configuration from using mod_php to using mod_proxy_fcgi
(php-fpm).
Now I have the well-known issue: I can log into the web interface but
cannot log into the CalDAV account.
On the wiki, I can see a rather old page about FastCGI not passing all the
necessary headers to php. But I cannot find anything anywhere about the
right configuration with mod_proxy_fcgi.
I have tried various configurations, the latest being:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /usr/local/etc/letsencrypt/live/cal.example.com/cert.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/
cal.example.com/privkey.pem
SSLCertificateChainFile /usr/local/etc/letsencrypt/live/
cal.example.com/chain.pem
DocumentRoot /usr/local/www/davical/htdocs
DirectoryIndex index.php index.html
ServerName calendar.example.com
ServerAlias davical.example.com
ServerAlias cal.example.com
Alias /images/ "/usr/local/www/davical/htdocs/images"
SetEnvIf Authorization "(.+)" HTTP_AUTHORIZATION=$$1
<Directory "/usr/local/www/davical/htdocs">
Require all granted
CGIPassAuth On
</Directory>
AcceptPathInfo On
# ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://
127.0.0.1:9001/usr/local/www/davical/htdocs/$1
# DirectoryIndex /index.php index.php
<filesmatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9001"
</filesmatch>
LogLevel debug
ErrorLog "/var/log/cal.example.com-error_log"
CustomLog "/var/log/cal.example.com-access_log" combinedio
</VirtualHost>
When debugging is set to ALL, I get this in my log:
php-fpm[29865]: DAVICAL_DEBUG: ALL: I18N:Bound domain =davical= to location
=../locale= using character set =UTF-8=
php-fpm[29865]: DAVICAL_DEBUG: ALL: caldav:Version (1.1.5) == 1001.5
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: SELECT
schema_major, schema_minor, schema_patch FROM awl_db_revision O
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: Took: 0.004788 to
find 1 rows.
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: SET TIMEZONE TO ?
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: "0" =>
"Europe/Copenhagen"
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: Took: 0.000855 to
find 0 rows.
php-fpm[29865]: DAVICAL_DEBUG: LOG: :***************** Request Header
****************
php-fpm[29865]: DAVICAL_DEBUG: LOG: :PROPFIND /
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Host: calendar.example.com
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Depth: 0
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Brief: t
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Accept: */*
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Connection: keep-alive
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Prefer: return=minimal
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->User-Agent: iOS/10.3.1
(14E304) accountsd/1.0
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Accept-Language: da-dk
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Accept-Encoding: gzip,
deflate
php-fpm[29865]: DAVICAL_DEBUG: LOG: :******************** Request
********************
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--><?xml version="1.0"
encoding="UTF-8"?>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--><A:propfind xmlns:A="DAV:">
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> <A:prop>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> <A:current-user-principal/>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> <A:principal-URL/>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> <A:resourcetype/>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> </A:prop>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--></A:propfind>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:-->
php-fpm[29865]: DAVICAL_DEBUG: ALL: HTTPAuth::AuthFailedResponse Requesting
authentication in the 'DAViCal CalDAV Server' realm
php-fpm[29865]: DAVICAL_DEBUG: ALL: HTTPAuth::Session: User is not
authorised: 87.49.146.214
I hope somebody has a working configuration and can point me in the right
direction.
--
Regards,
Jon Theil Nielsen
I recently upgraded my FreeBSD server to 11.0-Release. After that, I
changed my apache configuration from using mod_php to using mod_proxy_fcgi
(php-fpm).
Now I have the well-known issue: I can log into the web interface but
cannot log into the CalDAV account.
On the wiki, I can see a rather old page about FastCGI not passing all the
necessary headers to php. But I cannot find anything anywhere about the
right configuration with mod_proxy_fcgi.
I have tried various configurations, the latest being:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /usr/local/etc/letsencrypt/live/cal.example.com/cert.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/
cal.example.com/privkey.pem
SSLCertificateChainFile /usr/local/etc/letsencrypt/live/
cal.example.com/chain.pem
DocumentRoot /usr/local/www/davical/htdocs
DirectoryIndex index.php index.html
ServerName calendar.example.com
ServerAlias davical.example.com
ServerAlias cal.example.com
Alias /images/ "/usr/local/www/davical/htdocs/images"
SetEnvIf Authorization "(.+)" HTTP_AUTHORIZATION=$$1
<Directory "/usr/local/www/davical/htdocs">
Require all granted
CGIPassAuth On
</Directory>
AcceptPathInfo On
# ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://
127.0.0.1:9001/usr/local/www/davical/htdocs/$1
# DirectoryIndex /index.php index.php
<filesmatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9001"
</filesmatch>
LogLevel debug
ErrorLog "/var/log/cal.example.com-error_log"
CustomLog "/var/log/cal.example.com-access_log" combinedio
</VirtualHost>
When debugging is set to ALL, I get this in my log:
php-fpm[29865]: DAVICAL_DEBUG: ALL: I18N:Bound domain =davical= to location
=../locale= using character set =UTF-8=
php-fpm[29865]: DAVICAL_DEBUG: ALL: caldav:Version (1.1.5) == 1001.5
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: SELECT
schema_major, schema_minor, schema_patch FROM awl_db_revision O
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: Took: 0.004788 to
find 1 rows.
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: SET TIMEZONE TO ?
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: "0" =>
"Europe/Copenhagen"
php-fpm[29865]: DAVICAL_DEBUG: LOG: always: Query: DBGQ: Took: 0.000855 to
find 0 rows.
php-fpm[29865]: DAVICAL_DEBUG: LOG: :***************** Request Header
****************
php-fpm[29865]: DAVICAL_DEBUG: LOG: :PROPFIND /
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Host: calendar.example.com
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Depth: 0
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Brief: t
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Accept: */*
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Connection: keep-alive
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Prefer: return=minimal
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->User-Agent: iOS/10.3.1
(14E304) accountsd/1.0
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Accept-Language: da-dk
php-fpm[29865]: DAVICAL_DEBUG: LOG: headers:-->Accept-Encoding: gzip,
deflate
php-fpm[29865]: DAVICAL_DEBUG: LOG: :******************** Request
********************
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--><?xml version="1.0"
encoding="UTF-8"?>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--><A:propfind xmlns:A="DAV:">
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> <A:prop>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> <A:current-user-principal/>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> <A:principal-URL/>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> <A:resourcetype/>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--> </A:prop>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:--></A:propfind>
php-fpm[29865]: DAVICAL_DEBUG: LOG: request:-->
php-fpm[29865]: DAVICAL_DEBUG: ALL: HTTPAuth::AuthFailedResponse Requesting
authentication in the 'DAViCal CalDAV Server' realm
php-fpm[29865]: DAVICAL_DEBUG: ALL: HTTPAuth::Session: User is not
authorised: 87.49.146.214
I hope somebody has a working configuration and can point me in the right
direction.
--
Regards,
Jon Theil Nielsen